This release contains another security fix that further improves validation of symbolic references and thus properly fixes this CVE: https://github.com/advisories/GHSA-cwvm-v4w8-q58c (CVE-2023-41040).
https://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rst Signed-off-by: Tim Orling <[email protected]> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b86ac6e..5bc4659 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ django-reversion-compare==0.14.1 django-simple-captcha==0.5.14 djangorestframework==3.13.1 gitdb==4.0.9 -GitPython==3.1.32 +GitPython==3.1.37 kombu==5.2.3 mysqlclient==2.1.0 Pillow==9.3.0 -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#61169): https://lists.yoctoproject.org/g/yocto/message/61169 Mute This Topic: https://lists.yoctoproject.org/mt/101659524/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
